0
votes

I am trying to check ACLs on UNC paths via the Get-Acl cmdlet.

The below works fine when browsing the local filesystem or on a UNC path without spaces.

$ou = 'OU=Security Groups,DC=mydomain,DC=local'

$basepath =  '\\mydomain\dfsroot'

$filter = '*501*'

Get-ADGroup -SearchBase $ou -Filter { Name -like $filter } | % {
    $principle = $_.samAccountName
    Get-ChildItem -LiteralPath $basepath -Recurse | % {
        $path = $_.FullName
        ($path | Get-Acl).Access.IdentityReference | % { if ( $_.Value -match $principle ) { Write-Host "$principle has rights to $path" }}
    }
}

On UNC paths with spaces I get a "FileNotFoundException":

Get-Acl : \local501\dfsroot\docs\Accounting\Bankruptcy Files\NOTICE TO MEMBERSHIP RE-CHAPTER 11.pdf
At C:\Users\administrator.LOCAL501\Documents\IT Support Guys - (855) 4 IT GUYS\Files\find_paths_by_principle.ps1:11 char:18
+ ($path | Get-Acl).Access.IdentityReference | % { if ( $_.Valu ...
+ ~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-Acl],FileNotFoundException
+ FullyQualifiedErrorId : System.IO.FileNotFoundException,Microsoft.PowerShell.Commands.GetAclCommand

Can somebody help me understand what's going on here?

Thanks!


2 Answers

0
votes

Ignore this! My DFS share is full of corruption! Filenames just happened to be ones with spaces. Good news!

0
votes

So your code is a little needlessly complicated. Here's a script whose flow is easier to understand and that shouldn't error out on spaces:

If (-not (Test-Path -Path DFS:\))
{ New-PSDrive -Name DFS -PSProvider FileSystem -Root \\mydomain\dfsroot }

$OU         = 'OU=Security Groups,DC=mydomain,DC=local'
$Filter     = '*501*'
$Principles = (Get-ADGroup -SearchBase $OU -Filter {Name -like $Filter}).samAccountName
$Collection = @()

ForEach ($Path in (Get-ChildItem -Path DFS:\ -Recurse -ErrorVariable +CustomERR))
{
    ## Using an array literal so items don't end up appended to one giant hashtable
    $Collection += @(
        @{ Path = $Path.FullName
           ## -LiteralPath so wildcard characters such as [ ] in a file name are not expanded
           Acl  = (Get-Acl -LiteralPath $Path.FullName).Access.IdentityReference.Value
         }
    )
}

ForEach ($Principle in $Principles)
{
    ForEach ($Item in $Collection)
    {
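        ## IdentityReference values look like DOMAIN\name, so strip the prefix before comparing
        If (($Item.Acl -replace '^.*\\') -contains $Principle)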
        {
            Write-Host "'$Principle' has rights to '$($Item.Path)'"
        }
    }
}

Edit: made some optimizations
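
An added example, not part of either answer above: the same audit comparing ACL entries by SID instead of by name, and reporting each path whose ACL cannot be read (as on the damaged share in the first answer) as a row instead of a terminating error. `Find-PrincipalAccess` and its parameters are hypothetical names; the usage at the end runs offline against the temp folder with the well-known `BUILTIN\Administrators` SID.

```powershell
# Added example, not from the original posts. Find-PrincipalAccess and its
# parameters are hypothetical names chosen for illustration.
function Find-PrincipalAccess {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [System.Security.Principal.SecurityIdentifier[]] $Sid
    )
    $wanted  = @($Sid | ForEach-Object { $_.Value })
    $sidType = [System.Security.Principal.SecurityIdentifier]

    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable enumErrors |
        ForEach-Object {
            $item = $_
            try {
                $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
                # Explicit and inherited rules, with identities returned as SIDs
                foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
                    if ($wanted -contains $rule.IdentityReference.Value) {
                        [pscustomobject]@{
                            Path      = $item.FullName
                            Sid       = $rule.IdentityReference.Value
                            Rights    = $rule.FileSystemRights
                            Type      = $rule.AccessControlType
                            Inherited = $rule.IsInherited
                            Error     = $null
                        }
                    }
                }
            }
            catch {
                # Unreadable or damaged entries become rows instead of stopping the scan
                [pscustomobject]@{ Path = $item.FullName; Error = $_.Exception.GetType().Name }
            }
        }

    # Paths that could not be enumerated at all
    foreach ($e in $enumErrors) {
        [pscustomobject]@{ Path = "$($e.TargetObject)"; Error = $e.Exception.GetType().Name }
    }
}

# Constructed offline usage: well-known SID S-1-5-32-544 (BUILTIN\Administrators).
# For the question's case, pass the DFS root and
# (Get-ADGroup -SearchBase $OU -Filter {Name -like $Filter}).SID instead.
$admins = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
Find-PrincipalAccess -Root $env:TEMP -Sid $admins |
    Select-Object Path, Sid, Rights, Type, Inherited, Error
```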